from rest_framework.permissions import BasePermission

class IsDishOwnerOrReadOnly(BasePermission):
    """
    确保只有菜品所属厨师可以修改
    """
    def has_object_permission(self, request, view, obj):
        if request.method in ['GET', 'HEAD', 'OPTIONS']:
            return True
        return obj.chef.user == request.user